IE 8 SmartScreen Protects Against Identity-Stealing Malware

Over the last year, we’ve published two posts about how the IE8 SmartScreen® filter helps to prevent phishing and malware attacks. In this post, I’d like to share some real-world data on the protection provided to IE8 pre-release users by the anti-malware feature. We’ve invested heavily in this feature, and we’ve seen significant results.

Here are some key statistics:

We have delivered over 10 million malware blocks in the past six months

That’s a block for one out of 40 users, every week

We’ve seen (and blocked) one in every 200 downloads as malicious

These are BIG numbers – each malicious download blocked helps prevent compromise of that user’s computer.

Here’s how it works: SmartScreen’s malware protection focuses on identifying and blocking sites on the web that are distributing malicious software. As a reputation-based feature, SmartScreen can block new threats from existing malicious sites, even if those threats are not yet blocked by traditional anti-virus or anti-malware signatures. In this way, the SmartScreen filter complements traditional anti-virus products by providing additional dimensions for both identification and protection. For comprehensive protection from malware, we highly recommend that users also install traditional anti-virus products and keep them up to date.

SmartScreen delivers blocks both in the navigation experience and in the file download experience depending on the situation. This level of control allows us to block entirely malicious sites, portions of sites or just a single malicious download on an otherwise clean site (for instance, a social networking or file-sharing site). Similar to our anti-phishing efforts, we source the malware data based on a combination of Microsoft internal and 3rd party data to deliver the most relevant, comprehensive protection. We’re committed to making the browsing experience safer and have a team of people constantly researching and improving protection.
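The three block granularities described above (an entire site, a portion of a site, a single download on an otherwise clean site), as an added sketch that is not Microsoft's SmartScreen implementation. The host names, list contents and function names are constructed for illustration, and the lookup order (most specific entry first) is an assumption.

```python
from urllib.parse import urlsplit, unquote

# Constructed reputation data (hypothetical hosts under the reserved .example TLD).
BAD_HOSTS = {"malware-host.example"}                  # entire site
BAD_PREFIXES = {("files.example", "/users/mallory")}  # portion of a site
BAD_URLS = {("social.example", "/dl/codec.exe")}      # single download


def normalize(url):
    """Return (host, path) in canonical form so trivial URL variations still match."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")  # drops port and userinfo
    segments = []
    for seg in unquote(parts.path).split("/"):
        if seg in ("", "."):
            continue                # collapse "//" and "/./"
        if seg == "..":
            if segments:
                segments.pop()      # resolve "/x/../"
            continue
        segments.append(seg)
    return host, "/" + "/".join(segments)


def check(url):
    """Return (verdict, scope), trying the most specific entry first."""
    host, path = normalize(url)
    if (host, path) in BAD_URLS:
        return "block", "download"
    for bad_host, prefix in BAD_PREFIXES:
        # Compare whole path segments: /users/mallory must not match /users/mallory2.
        if host == bad_host and (path == prefix or path.startswith(prefix + "/")):
            return "block", "portion"
    # A listed host also covers its subdomains and any URL it serves later,
    # which is how a site-level entry catches a new threat from a known bad site.
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in BAD_HOSTS:
            return "block", "site"
    return "allow", None


if __name__ == "__main__":
    for u in ("http://social.example/profile/alice",
              "http://social.example/dl/codec.exe",
              "https://cdn.malware-host.example/new-payload.exe"):
        print(u, check(u))
```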

Not all malware protection is created equal: just because a browser has anti-malware features doesn’t mean it protects users from the most relevant threats. NSS Labs recently released a study comparing leading browsers on their ability to block malware attack sites that attempt to fool the user with social engineering. As you can see from the chart below, IE8 is detecting two to four times more attacks than the other browsers. Note that IE7 does not have anti-malware URL filtering; the IE7 blocks below are due to malware sites that are also phishing sites blocked by IE7’s Phishing Filter.

We’re committed to continuing to deliver the most relevant protection to our users. With the investments we’ve made in hardening the IE platform, the user is usually the weakest link. Prevalent malware is packaged and delivered in such misleading ways that users understandably have a hard time recognizing when they are at risk. That’s where SmartScreen steps in.